Mobile devices and tablet computers have no built-in security mechanisms for user authentication, beside a traditional PIN, which is seen as insecure in a world where increasingly more information is stored on mobile devices. As mobile devices become a favorite target of thieves, it is important to not only secure the device itself, but also the data on it and the data accessible by it, against unauthorized access.
A SIM card is the only trustworthy element included in every mobile device which is able to connect to a telephone network. But SIM cards miss the capability to really identify the user; they authenticate only something “you know” not “who you are.” Users tend to use simple or easy-to-type Personal Identification Numbers (“PINs”), especially on mobile devices. Voice or face recognition are also not easy to achieve on mobile devices.
There are several patent applications and issued patents in the field which use biometric methods to identify users on mobile devices. In U.S. Patent Publication No. 2010/0225443, a system is described for user authentication using touch sensitive elements and/or using a signature of the user. In U.S. Patent Publication No. 2011/0126024, a method and system are described for combining a PIN and a biometric sample. In U.S. Pat. No. 8,443,443, a behaviometric system is described for authenticating users, based on keyboard, mouse and GUI actions.
The typical gathering of behaviometric data lacks the security of binding the behaviometric data to a mobile device, so that a user may use any mobile device to authenticate himself. The ultimate goal of authenticating users in security is: “Something you know,” “something you have,” and “something you are.” For security reasons, it is sometimes favorable to restrict users to certain “approved” mobile devices. This is not possible with the above described solutions. Thus, needed in the art are more effective systems and methods for authenticating a user of a device using behaviorial information.